Description

Red Hat Jboss Application Server could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation. By using specially-crafted serialized data, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of JBoss.

References

Related Vulnerabilities